In-lined Reference Monitors

When mechanism inserted into the application...
– Allows policies in terms of application abstractions.
– Pay only for what you need.
– Enforcement without context switches into kernel.
– Isolates state of enforcement mechanism.

[Figure: Program, Kernel, RM]

What Policies can be Enforced?

Class EM enforcement mechanisms: Monitor a target system and terminate any execution that is about to violate the security policy.

EM includes reference monitors and other operating systems and hardware-supported mechanisms.

EM allows …

Principle of Least Privilege: Allow only those accesses needed to get the job done.
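An added example, not part of the original slides: a small in-lined reference monitor of the EM kind described above, which checks each security-relevant application operation before it runs and terminates the execution when the next step would violate the policy. The policy (no send after a read), the event names and the helper names are assumptions made for illustration.

```python
class PolicyViolation(Exception):
    """Raised to terminate the run before a violating step executes."""

class SecurityAutomaton:
    """Monitor state kept apart from the application's own variables."""
    def __init__(self, start, transitions):
        self.state = start
        self.transitions = transitions  # (state, event) -> next state

    def step(self, event):
        key = (self.state, event)
        if key not in self.transitions:  # no transition: step would violate
            raise PolicyViolation(f"{event!r} not allowed in state {self.state!r}")
        self.state = self.transitions[key]

def inline(monitor, event):
    """Insert the policy check in front of an application-level operation."""
    def wrap(op):
        def guarded(*args, **kwargs):
            monitor.step(event)  # check first; op never runs on a violation
            return op(*args, **kwargs)
        return guarded
    return wrap

def run_demo():
    # Constructed policy (assumption): no "send" once a "read" has happened.
    monitor = SecurityAutomaton("clean", {
        ("clean", "send"): "clean",
        ("clean", "read"): "tainted",
        ("tainted", "read"): "tainted",
    })
    log = []

    @inline(monitor, "read")
    def read_record(name):  # hypothetical application operation
        log.append(f"read {name}")
        return "secret"

    @inline(monitor, "send")
    def send_message(body):  # hypothetical application operation
        log.append(f"send {body}")

    try:
        send_message("hello")          # allowed: nothing has been read yet
        data = read_record("payroll")  # allowed: moves monitor to "tainted"
        send_message(data)             # about to violate: terminated here
        log.append("unreachable")
    except PolicyViolation as exc:
        log.append(f"terminated: {exc}")
    return log, monitor.state
```

The check runs in the application's own process with no kernel transition, and only operations wrapped with `inline` pay for it.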